*Use this dictionary as a resource to help you navigate through identity crime and fraud protection terms and definitions. Click on the dictionary term to learn more about it.



Accidental Internet exposure: exposure of information as a result of unintended access to the Internet.

Account Takeover: a form of payments fraud whereby the fraudster obtains full control over an account and locks the legitimate owner out. Usually done by changing the PIN or password, or changing the statement mailing address.

Antivirus Protection: software that is intended to protect your computer against malware and other electronic viruses.


Breach: unauthorized access to a computer system’s sensitive, protected and/or confidential information, and the viewing, theft or illegal use of the information.

Bot (Internet bot, web bot): software that is programmed to perform automated tasks on the Internet.

Business breach: a breach that occurs within a business or organization.

Business email compromise (BEC): a scam that utilizes legitimate email accounts to scam money or personal information from a business. These scams target businesses that use wire transfers, foreign suppliers and other invoice transactions.


Cascading Style Sheets (CSS): a style sheet language used in web development to dictate the design components of a web page, typically used in collaboration with HTML and JavaScript.

Check Fraud: Check fraud is a criminal act in which a perpetrator deliberately uses checks to partake in deceptive banking practices for personal gain.

Check Kiting: taking advantage of the float time (the time it takes for the bank to process a check) to make use of non-existent funds in a checking account. See also check fraud.

Check Washing: using chemicals and solvents to remove or modify handwriting on a check to assist in forgery. See also check fraud.

Child identity theft: is when the victim of identity theft is a minor. Because a child, or parent acting on behalf of the child, is unlikely to request credit reports or try to obtain credit, the theft can go undetected for an extended period time.

Credit card fraud: stealing credit card/financial information illegally.

Credit Freeze: a method for preventing a credit file from being shared with potential creditors or insurance companies so new lines of credit cannot be opened in your name. This is done individually by contacting each of the three credit monitoring bureaus.

Credit Reporting Agencies: (also known as Credit Reporting Bureaus) are businesses that maintain historical information pertaining to the credit record of individuals or businesses. The largest U.S. consumer credit reporting agencies are Experian, Equifax and TransUnion.

Credit Score: a three-digit number between 300 and 850 calculated from an individual’s credit report that indicates their creditworthiness. Higher scores indicate to lenders that the individual is more likely to repay a loan.

Criminal identity theft: when somebody commits (non-identity related) crimes under an assumed identity.

Criminal Organization: a group of individuals who work together to commit fraud. See also fraud ring.

Cyberbullying: the act of using online platforms to carry out bullying behavior (i.e. posting mean or embarrassing photos, threatening comments, etc.).

Cybercrime: fraud perpetrated on the Internet or through the use of computers.

Cybersecurity: measures taken to protect a computer/computer system (on the Internet) against unauthorized access or attack.


Data broker: an individual or business that aggregates information from multiple sources as a service (i.e. public databases, people finders, background check websites, etc.).

Data on the move: exposure of information due to transporting or moving of information and information containers (computers, folders, hard drives, etc.) from where they are normally kept.

Digital asset: any form of digital material (text, images, photos, animation, video, artwork, etc.) owned by an individual or a company.

Doxing: a type of trolling that consists of posting some or all of the personal information (name, address, phone number, Social Security number, birth date, etc.) of victims online for public view.

Dumpster diving: the practice of rummaging through someone’s trash to obtain personal information.


Educational breach: a breach that occurs within an educational institution.

Embezzlement: the theft of another’s property or assets by a person who is in a position of trust, such as an employee.

Employee error: unintended exposure of information as a result of an error made by an employee.

Employment fraud: stealing personal information or acquiring monetary compensation by posing as a legitimate business looking for hire.


Fair Credit Reporting Act: a U.S. federal law that gives everyone the right to see their credit report from the three major consumer Credit Reporting Agencies (Experian, FICO, TransUnion).

Federal Trade Commission (FTC): an agency whose purpose is consumer protection and prevention of anticompetitive business methods.

Financial breach: a breach that occurs within a financial corporation.

Financial identity theft: when a person uses an assumed identity for personal monetary gain.

First-party fraud: when a legitimate customer opens an account, withdrawals money, and has no intention of repayment.

Float time: the time between when an individual writes and submits a check as a payment and when the individual’s bank receives the instruction to move funds from the account.

Forgery: the process of counterfeiting or altering documents, such as a check, with the intent to deceive

Fraud: the theft and misuse of a victim’s personal information and existing financial accounts. This includes stealing personally identifiable information (PII) and ATM/debit card information to make fraudulent transactions.

Fraudster: a person who commits fraud.

Fraud Prevention: taking the steps that best protect against fraud, identity theft and other external threats targeting companies and individuals.

Fraud ring: see criminal organization.


Government/Military breach: a breach that occurs within a government or military based facility.


Hacking: exposure of information as a result of a targeted attack executed through unauthorized access to a computer or network.

Hypertext Markup Language (HTML): a markup language that allows web developers to manipulate the text and graphics on a web page, typically in collaboration with CSS and JavaScript.


Identity theft: the theft of an individual’s PII and subsequent impersonation of their identity to create new accounts using all, or portions of, their information. This includes using a stolen Social Security number to open a credit card in someone else’s name.

Insider theft: exposure of information as a result of theft orchestrated by an individual within the institution such as an employee or staff member (either former or current).

Intellectual property information: information pertaining to original creations of an individual (i.e. copyright, trademark, patents, etc.)

International Revenue Service (IRS): The United States revenue service that collects taxes and applies and regulates the Internal Revenue Code.


JavaScript: an intricate programming language that is used to create most web content and pages, typically used in collaboration with HTML and CSS. JavaScript is used to perform various functions on websites and can also be used in offline applications (i.e. smart phone applications, desk widgets, PDFs, etc.).



Lurking: when someone secretly searches or reviews an individual’s social media content (photos, text, posts, shares, basic profile information, etc.), typically for the purpose of gathering information. Motivations behind lurking can range from personal boredom to criminal activity.


Magnetic Ink Character Recognition: (also known as MICR or MICR line) Industry standards mandate that this type of special magnetic toner be used to print the information at the bottom of a check.

Malvertising: the use of online advertising to spread malware.

Malware: software that contains specialized code designed to damage or allow unauthorized access to a computer.

Medicaid Fraud: is when any provider of health care has defrauded the state Medicaid system.

Medical breach (health care breach): a breach that occurs within a medical institution or health care company.

Medical identity theft: when a person seeks medical treatment or prescription drugs under an assumed identity.

Medicare Fraud: the collection of Medicare health care reimbursements under false pretenses. It can be both internal and external fraud.

Microprinting: a security feature on checks. Text is printed too small to be photocopied legibly. It prevents fraudsters from making fraudulent copies of checks.


Nigerian scam: (also known as 419 scam) a fraud scheme in which individuals create fictitious stories about needing help transferring money or a foreign national out of the country. In exchange for paying “fees,” scam victims are “promised” a large sum of money upon successful transfer. However, this reward is never paid.



Paper Hanging: a perpetrator will knowingly deposit a bad check into their account, but (unlike check kiting) they will disregard the float period and abandon the account. See also check fraud.

Payments Fraud: encompassing term used to describe fraud related to credit, debit or other payment cards.

Personal health Information (PHI): information pertaining to personal medical records (diagnoses, test/lab results, insurance provider information, etc.)

Personally identifiable information (PII): any information that can be used on its own or with other pieces of personal information that can distinguish a person as an individual (name, address, Social Security number, date of birth, etc.).

Phishing: posing as a legitimate person or company online with the intention of stealing money or personal information.

Physical theft: exposure of information due to physical theft of information and/or information containers (computers, folders, hard drives, etc.)




Scam: a game or fraudulent scheme with the intention of stealing money or personal information

Security Freeze: see credit freeze.

Social engineering: the manipulation techniques that are used to convince somebody of a scam’s legitimacy.

Social Security number: a unique nine-digit number used to identify individuals for Social Security purposes.

Spearphishing: a type of phishing attack that targets a group of people (i.e. employees, members or customers of an organization). 

Spyware: malicious software that gathers information about a computer or network discretely.

Storage Encryption: a storage security feature that uses encryption and decryption of archived data while it is in transit and being stored.

Swatting: a type of trolling where Internet trolls make fake calls to emergency personnel, impersonating their victims. The term “swatting” comes from the idea that these fake calls usually lead to unnecessary police or SWAT raids at the victims’ residences.

Synthetic identity theft: when a person uses a Social Security number to create a fake identity.


Third party error (subcontractor error): unintended exposure of information as a result of a third party or subcontractor error

Trojan (Horse): a type of virus that appears legitimate, but performs illicit activity when activated.

Trolling (Business Pages): the act of deliberatly instigating emotional reactions from others through inflammatory or offensive online interactions on business-related pages or groups that can be motivated by controversies surrounding a business’ actions or connections (affiliations, political or religious statements, mergers, business deals, partnerships, ownership changes, etc.). 

Trolling (Personal Pages): the act of deliberately instigating emotional reactions from others through inflammatory or offensive online interactions on personal pages or non-business related groups. 



Virus: a type of cyber attack that activates a program within a computer system to cause damage to computer files.

Vishing: posing as a legitimate person or company over the phone with the intention of stealing money or personal information.


Web beacon: typically a single pixel graphic or image that is placed on websites to track user activity

Whaling: a type of phishing attack that targets high-level executives (CEOs, owners, board members, etc.). 

Worm: a type of cyber attack that travels through a computer’s memory and hard drive to case a computer to crash.